tech services policy manual
DESCRIPTION
Tech Services Policy ManualTRANSCRIPT
-
Washoe County
Information Technology Policy Manual
Adopted March 23, 1999 by the
Board of County Commissioners Revised November 14, 2000
-
Washoe CountyInformation Technology
Policy ManualNovember 2000
-
Washoe County Information Technology Policy Manual
Board of Commissioners
Ted Short, District 2, Chair Jim Shaw, District 4, Vice-Chair Jim Galloway, District 1 Pete Sferrazza, District 3 Joanne Bond, District 5
Information Technology Advisory Committee
Katy Simon, County Manager, Chair Matt Beckstedt, Director, Information Technology Department Lee Bergevin, Assistant Sheriff, Sheriffs Office Bill Berrum, Treasurer Tom Gadd, Director, General Services Department Dick Gammick, District Attorney Amy Harvey, County Clerk Barbara Hunt, District Health Officer Gary Kraemer, Chief Deputy Comptroller Ron Longtin, Administrator, District Court Sandy Marz, Law Librarian Arnie Maurins, Systems Librarian, Washoe County Library Joanne Ray, Chief, Personnel Division David Roundtree, Public Works Director John Sherman, Director, Finance Department
Information Technology Standards Committee
Arnie Maurins, Public Library, Chair Craig Franden, District Court, Vice-Chair Gary Beekman, Information Technology John Blanke, Information Technology Larry Burtness, General Services Rick Halbardier, Information Technology Doug Johnson, County Clerks Office Craig McAllister, Information Technology Lori Mendoza, District Health Department Mark Moser, District Attorney's Office, Kraig Smith, Information Technology Margaret Spicher, Public Library Robert Towery, Sheriffs Office Jerry Walker, Information Technology
-
Washoe County Information Technology Policy Manual
CONTENTS Section 1 - Introduction ...........................................................................................1 Section 2 - Purpose...................................................................................................2
Policy........................................................................................................................................... 2 Procedures ................................................................................................................................... 2
Section 3 - Responsibility.........................................................................................2 Policy........................................................................................................................................... 2 Procedures ................................................................................................................................... 2
Organizational Responsibilities ............................................................................................... 2 Mission Critical Applications and User Support ..................................................................... 4 System Development, Operation and Maintenance................................................................. 6
Section 4 - Standards ...............................................................................................7 Policy........................................................................................................................................... 7 Procedures ................................................................................................................................... 7
Countywide Applications and Workgroup Productivity Tools ............................................... 7 Type of Information Technology Systems that can be Acquired or Built............................... 7 Changes in County Information Technology .......................................................................... 9 Make or Acquire Decisions ................................................................................................... 10 Purchase of Information Technology .................................................................................... 10 System Development and Maintenance................................................................................. 10
Section 5 - Budgeting .............................................................................................11 Policy......................................................................................................................................... 11 Procedures ................................................................................................................................. 11
Base Budgeting...................................................................................................................... 11 Strategic Funding................................................................................................................... 11
Section 6 - Data.......................................................................................................12 Policy......................................................................................................................................... 12 Procedures ................................................................................................................................. 12
Administration of Data .......................................................................................................... 12 Access by the Public to Electronically Stored Information................................................... 13 Security .................................................................................................................................. 13
Appendix A Roles and Responsibilities Matrix
-
Washoe County Information Technology Policy Manual
Section 1 - Introduction This policy manual has been designed to provide a ready reference to
County policies and procedures on information technology. This policy manual contains the official directives established by the Board of County Commissioners and the Information Technology Advisory Committee. These information technology policies apply to all County Departments. These policies are the governing principles that mandate, constrain or provide guidance to actions, which are needed to provide County services in accordance with state and federal legislation, prudent administrative practices and the information technology strategic plan approved by the Board of County Commissioners. These policies are designed to facilitate achieving the County's mission and reducing the risk inherent in the acquisition and use of information technology. Implementation of the policies are to be accomplished by the procedures articulated in this manual. Those procedures elaborate on specific policies as well as describe the standards, criteria, and processes for the acquisition and use of information technology. A quick overview of these policies can be found in Appendix A, Information Technology Policy Manual Roles & Responsibility Matrix. The five information technology policies included in this manual focus on key organizing principles and are designed to provide direction to Washoe County's Departments and employees for the management and use of information technology resources. These policies are an expression of the underlying values contained in the principles and goals established in the 1997 Information Technology Strategic Plan. The policies adopted by the Board of County Commissioners address five areas: purpose, responsibility, standards, budget, and data. After each policy statement the specific implementation procedures are described. These procedures provide a more detailed understanding of the policies as well as defining the standards, criteria and processes to be used in the acquisition and use of information technology in Washoe County. Additionally these procedures specify responsibilities for the management of that technology. Additional specific technology architecture, acquisition and security standards are published in the Washoe County Standards and Procedures for Information Technology Manual. Additional planning resources include the Washoe County Information Technology Service Agreement and the Washoe County Department Information Technology Planning Policies and Standards.
rev 11/00 Page 1
-
Washoe County Information Technology Policy Manual
Section 2 - Purpose Policy
The primary purpose for using information technology in Washoe County is to support the wide range of services which the County delivers to its residents, to its businesses, and to other government agencies and to do so efficiently and effectively as possible. The County's information technology policies, goals, standards and processes will reflect this primary purpose.
Procedures
This policy describes the general intent of the Board of County Commissioners in adopting the information technology policies and procedures. In analyzing and applying these individual policies and procedures, the Board direction on the purpose of using information technology will often provide the needed guidance in deciding issues on the acquisition and use of that technology.
Section 3 - Responsibility Policy
County Departments are responsible for planning, acquiring and using information technology in support of their mission and goals, consistent with the County's information technology strategic plan. The County will collectively manage the use of information technology to support and ensure Countywide planning and interagency collaboration on systems for common services and functions, and facilitate collaboration between workgroups. The County will maintain a business practice that ensures all Departments are able to rapidly, effectively and efficiently acquire, receive, implement, and use information technology.
Procedures Organizational Responsibilities
1A. The Board of County Commissioners is responsible for: 1. Approving the County's Information Technology Strategy as
recommended by the Information Technology Advisory Committee.
2. Approving expenditures on major information systems, human resources and applications (which must be consistent with the County's strategic direction and on availability of funding).
3. Adopting policies and ordinances necessary for the implementation of the Countys information technology strategy.
1B. The Information Technology Advisory Committee (ITAC - membership appointed by the County Manager and includes elected and appointed Department heads) is responsible for: 1. Recommending the Countys information technology strategy
to the BCC. 2. Updating the Countys information technology strategy as
needed.
Page 2 rev 11/00
-
Washoe County Information Technology Policy Manual
3. Reviewing and approving information technology standards. 4. Technology planning for the County. 5. Based upon the strategic direction of the County, recommend IT
priorities and funding to the BCC. 1C. The Information Technology Standards Committee (ITSC -
membership appointed by ITAC and includes County IT managers and professionals) is responsible for making recommendations to ITAC regarding: 1. Information systems architecture standards. 2. Information technology security standards. 3. Standard system development tool kit for application
development. 4. Standard set of Countywide desktop applications. 5. Other technical issues regarding the Countys Information
Technology Strategy. 1D. Information Technology Department is responsible for:
1. Assisting the ITSC in developing system architecture and security standards.
2. Assisting ITAC in developing and maintaining the Countys Information Technology Strategy.
3. Assisting County Departments in developing their IT plans. 4. Countywide mission critical IT applications as described in the
IT Department IT plan. 5. Report recommendations on innovations in information
technology to ITAC and to ITSC in order to support the rapid and effective deployment of new technology for customer services.
6. Mission critical Departmental applications which the Department and IT have identified in the Information Technology Service Agreement.
1E. Departments are responsible for: 1. Defining Departmental IT needs. 2. Development of Departmental IT plans. 3. Managing the use of Departmental IT, including mission critical
applications as described in the Department IT plan. 4. Quantify the use of IT to serve Departmental customers. 5. Adhering to established information technology standards.
1F. Service level expectations of the IT Department are managed by: 1. Establishing and adhering to Department IT plans which
include IT and Departmental service agreements. 2. Adhering to established information technology standards. 3. ITs annual work program developed from Departments IT
plans based upon ITACs endorsed priorities. 4. ITs annual budget.
rev 11/00 Page 3
-
Washoe County Information Technology Policy Manual
Mission Critical
Applications and User Support
An Information Technology Service Agreement between IT and a County Department (see section 1F) is the instrument for describing the allocation of support responsibilities.
2A. Departmental mission critical applications are defined as: 1. Services provided to public, business to public (i.e. Marriage
system, tax system, Social Services, elections, jail management, building permits, etc.)
2. Services to other Departments, business to business (i.e. Payroll, personnel, fund accounting, disaster recovery, etc.)
3. Specialized applications identified in the Information Technology Service Agreement and used by a Department that is required by an entity outside of the County (NOMADS, CJIS, UNITY.)
2B. Countywide mission critical applications are defined as: 1. Network infrastructure resources (wiring, operating systems,
application servers, internet services.) 2. Desktop/groupware applications (email, word processing,
spreadsheet.) 2C. IT is responsible for Countywide mission critical applications as
well as coordinating the installation of network infrastructure resources consistent with the policies, standards and processes established pursuant to sections 1A through 1F, 4A through 4E and 5A through 5E and coordinating the installation of network infrastructure resources.
2D. Departments are responsible for their mission critical applications consistent with policies, standards and processes established pursuant to sections 1A through 1F, 4A through 4E and 5A through 5E.
2E. Responsibilities for mission critical applications include: 1. Ownership. 2. Trained personnel, including the development of necessary skill
levels. 3. Success or failure of the system. 4. Business resumption plan. 5. Data integrity and backup. 6. Data and system security. 7. Maintenance and updates.
2F. Departments are responsible for the first tier support for their employees use of mission critical applications. First tier support includes: 1. Establishing IT Coordinators, who will have knowledge of their
business process, work flows and tools. 2. Application security through administrative authority for access
rights.
Page 4 rev 11/00
-
Washoe County Information Technology Policy Manual
3. Basic trouble shooting at the desktop to verify connections, operator error problems, basic software use, etc.
2G. By written agreement between each Department and IT, either IT, an identified commercial entity, or the Department is responsible for the second tier support for their employees use of mission critical applications. Second tier support includes: 1. Help Desk support. 2. Hardware and software support at the desktop.
2H. The Information Technology Department is responsible for all third tier support used in all County applications. Third tier support includes: 1) all network equipment (hardware and software) and 2) County-wide software application development and support unless otherwise noted in a service agreement with all affected departments and the IT Department. The IT Department will be responsible for all third tier support for all County developed applications.
2I. The criteria that will be used to analyze and determine if and under what conditions a Department will assume responsibility for second and third tier support include: 1. Criteria to determine if a Department should assume
responsibility for second tier support of the Department's mission critical applications:
a. A demonstrated need of the Department to manage its information technology, which includes: (1) The need for at least two (2) full-time employees
knowledgeable about the mission critical application. Various options could be used to meet the necessary back-up staffing requirement (i.e., one FTE in each of two different Departments supporting the same application) as described and agreed to in the Information Technology Service Agreement to meet the necessary back-up staffing requirements (i.e., one FTE in each of two different Departments supporting the same application).
(2) The use of unique information technology that is critical to achieving the mission of the Department.
(3) The degree of integration of information technology into the operations of the Department (e.g., how many employees use the technology; how often employees use technology during the workday, etc.)
(4) The amount of interaction with other County Departments and/or other agencies/entities by means of information technology.
b. A commitment by the Department to develop, maintain, and implement an information technology plan.
c. A commitment by the Department to adhere to the Countys information technology standards.
rev 11/00 Page 5
-
Washoe County Information Technology Policy Manual
d. The financial feasibility of transferring control to the Department.
e. If the Department or IT Department cannot mutually develop a Service Agreement, per Section 2I.1.a(1) above, of responsibility for second tier support, Departments should present their IT Plans to ITAC for an appeal.
2. The Countys network and County-wide developed software applications are considered a mission critical application necessary for the success of all departments and should not be dependent upon the priorities/needs of one particular department. Consequently there are no criteria in which a department can assume responsibility for this level of support.
2J. Information Technology support levels and Washoe County's personnel classifications are grouped within the following two categories: 1. First tier support is provided by employees that have been
designated as Departmental IT Coordinators. The skills, abilities and knowledge required of Departmental IT Coordinators are included in the requirements of existing personnel classifications. Designation as an IT Coordinator shall not be the basis for classification and/or compensation of the position.
2. Second and third tier support is provided by employees holding existing application and network support personnel classifications (i.e., support technician, programmer, systems analyst, etc).
System Development, Operation and
Maintenance
3A. Departments are responsible for: 1. Statement of needs. 2. Consulting with IT regarding the functional requirements of the
system.
3. Funding for hardware, software, and support (consistent with
section 11C). 4. Project management. 5. Dedicate resources for project success. 6. Training employees. 7. Project proposal, which includes documenting the evaluation
criteria listed in section 5E. 3B. IT or the contractor is responsible for:
1. Provide consulting for conformance to standards. 2. Infrastructure for data communications. 3. Analyze for compliance for functionality and adherence to
Department specifications. 4. Consult on contract negotiations to provide for support and
maintenance. 5. Repair of IT supported computer equipment.
Page 6 rev 11/00
-
Washoe County Information Technology Policy Manual
3C. Policy, process and criteria for Department to build own applications include: 1. Departments who build their own applications must adhere to
County IT standards as described in the Service Agreement. 2. Application development will follow the Method for
Application Development protocol as adopted by ITAC pursuant to sections 9A through 9E.
Section 4 - Standards Policy The County will acquire and maintain standards-based information
technology that is founded on an open-systems strategy. The Countys information technology will be designed to achieve the highest degree of manageability, applications portability and interoperability of the systems elements, and support the integration of different products acquired at different times for different purposes.
Procedures Countywide
Applications and Workgroup
Productivity Tools
4A. County IT applications will focus on client/server and web technology. An approved list will be maintained by ITSC of general purpose workstation, work group and application tools which : 1. Supports portability and collaboration of staff and systems. 2. Ensures easy and rapid exchange of data objects such as
formatted documents. 3. Facilitates effective staff workstation training and support. (See the Washoe County Standards and Procedures for Information Technology Manual for the current list of standard workstation, workgroup and application tools)
4B. Exceptions to the standard will require approval of ITAC if the County will support the technology.
4C. The IT Department will assist ITSC in reviewing new technology and developing recommendations to ITAC regarding the use of emerging technology.
4D. The IT Department will assist ITSC in reviewing and developing recommendations to ITAC regarding the standard set of Countywide general purpose workstation, work group and application tools.
4E. ITSC will establish and maintain a reference library of products and application technologies for use by County Departments.
Type of Information Technology Systems
that can be Acquired or Built
5A. Focus on open systems strategy including client/server and web technology to: 1. Achieve the highest degree of manageability, application
portability and interoperability of the systems elements. 2. Support the integration of different products acquired at
different times for different purposes. 3. Support a Countywide information technology infrastructure for
rev 11/00 Page 7
-
Washoe County Information Technology Policy Manual
collaboration between work groups. 5B. Departments are encouraged to purchase applications that meet
County standards and IT principles; exceptions must be documented in the Departments IT plan and approved by ITAC if the Department is to receive IT support. Any disputes that cannot be resolved will be forwarded to the Board.
5C. The direction for the use of technology will be consistent with the direction of the industry.
5D. The evaluation and selection methodology for client/server technologies and standards include: 1. Environmental scan of the IT industry. 2. Consultation with expert firms regarding Industry direction and
available products (i.e., Gartner Group). 3. Strategic positioning of companies (i.e., completeness of vision,
ability to perform, market presence, computability with existing software, etc.).
4. Develop a draft of programming, user interface, and design standards.
5. Feasibility and assessment through a pilot project. 6. Refine programming and user interface design standards
5E. Information technology is a vital part of the County service delivery infrastructure. In order to realize full value from major capital investments in IT those investments must result in significant, measurable improvements in the services provided by the County. IT projects are to be evaluated and priorities established taking into account the following criteria: 1. Project focus:
a. What strategies, goals and business needs of the Department and the County does the project support?
b. What function(s) does the project support (i.e., justice, health and social service programs, finance and human resources, etc.)?
c. What opportunities have been identified for sharing of hardware and software resources?
2. Cost-benefit analysis: a. What are the measurable improvements in effectiveness and
productivity (i.e., service level increase, service outcome and cost reduction) that will result from the technology?
b. What is the measurable reduction in organizational overhead that can be achieved or the amount of overhead resources that can be transferred to direct customer service?
c. How will current equipment and technology investments be maximized?
e. What is the detailed project costs, including integration and annual support?
f. What re-engineered work processes have been considered?
Page 8 rev 11/00
-
Washoe County Information Technology Policy Manual
3. Project Management: a. Identify the system development, maintenance, operation
and project management practices that will be used to successfully support the investment over the life of the application?
b. Who has been given the responsibility and authority to manage the project and what are the project outcome measurements?
4. Data Management: a. Does the project focus on providing front-line, service
delivery staff with the tools to access all needed information?
b. Will information captured or generated by the application, regardless of its location within the County, be universally available (subject to the need and right to know)?
c. Will information be delivered for direct client services, for management analysis and for business decisions?
d. What opportunities have been identified for information to be shared by other Departments to minimize the cost of collection and maintenance and to maximize accuracy?
5. Project Technology: a. How does the technology support the integration of different
products acquired at different times for different purposes? b. Will the project employ technology that includes proven
off-the-shelf systems, or does the project include production pilots and other small-scale trials in order to reduce project risks or to evaluate the creative use of technology?
c. Are the communication systems compatible with the Countys communication infrastructure?
d. In what ways will the technology improve public access to County government by citizens?
Changes in County
Information Technology
6A. Efforts will be made to maintain mission critical applications no more than one release behind the manufacturers current version.
6B. The Countys strategic direction for the use of technology is consistent with the direction of the industry to be established using the processes described in sections 5A through 5E.
6C. Implementation of current IT across the County can be phased Department by Department based upon Departmental IT plans and funding availability.
6D. The Countys business practice is that Departments will implement IT that has been proven to improve service to the public and/or reduce the cost of providing service.
6E. IT and ITSC will review new information technology and provide recommendations to ITAC in order to increase the Countys understanding of opportunities and innovations.
rev 11/00 Page 9
-
Washoe County Information Technology Policy Manual
Make or Acquire
Decisions
7A. Preference will be given to vendor provided products versus custom developed applications.
7B. Preference will be given to products that can demonstrate an appropriate level of stability in a production environment.
7C. Preference will be given to vendor-provided products that meet at least 80% of the functional requirements.
7D. All proposed applications costing $25,000 or more will be incorporated into the Departments IT plan and have received approval by the BCC.
7E. Product selection will be based upon quantitative criteria.
Purchase of Information Technology
8A. Departments must purchase the basic set of general-purpose workstation, work group and application tools through the Purchasing Department in order to receive County support (see the Washoe County Information Technology Architecture, Acquisition and Security Standards Manual).
8B. Departments must develop a project acquisition proposal, which addresses the evaluation criteria listed in section 5E.
System Development
and Maintenance
9A. Departments must complete a system development proposal, which addresses the evaluation criteria listed in section 5E.
9B. The Countys system development management guidelines, includes: 1. Accountability for completion within outcome measurements. 2. Senior Department management sponsorship and continuing,
fully involved, project commitment in partnership with the project managers.
3. Fully staffed systems project management with appropriate responsibility and authority.
4. Quarterly summary reports of progress, plans, costs and issues. 9C. System development and maintenance standards used by IT are in
the Methodology for Application System Development, which includes the following phases: 1. Project initialization and feasibility study, including project plan
and budget (which identifies all costs, including integration and annual support).
2. Detailed project analysis, design and construction. 3. Implementation, including plans for operation, maintenance,
security and disaster recovery. 4. Post-implementation review, including quality assurance
reviews, planned versus actual functional capabilities, measurable benefits and documented innovations and lessons learned.
9D. When an application is being built by a contractor an equivalent system development and maintenance methodology will be used.
Page 10 rev 11/00
-
Washoe County Information Technology Policy Manual
9E. IT will establish the standard system development tool kit for application development in conjunction with ITSC (see the Washoe County Standards and Procedures for Information Technology Manual for the tool kit list).
Section 5 - Budgeting Policy
The County's operating as well as its long-term strategic budget will include and account for hardware and software acquisition, maintenance, upgrades, replacement costs, personnel and training. The annual budget will include and account for the total operating and capital cost of Departmental information technology. Departmental information technology plans will be used to develop Departmental budget proposals, to develop the Department of Information Technology' annual budget and priorities as well as to establish multi-Departmental and Countywide information technology priorities.
Procedures Base Budgeting
10A. The annual budget accounts for the total cost of Departmental IT
ownership based on Department IT plans. The budget and the Departments IT plan includes resource estimates on the following costs: 1. New and existing hardware acquisition and maintenance. 2. New and existing software acquisition and maintenance. 3. New and existing staff training. 4. New and existing personnel.
10B. Departmental IT service demands on IT, including software and hardware maintenance, are used to develop ITs budget and priorities as included in the service agreement.
Strategic Funding
11A. The Finance Division is responsible for developing and recommending a strategic funding plan to the BCC for information technology, (and updating the plan as needed). The strategic funding plan includes: 1. IT projects that cost $25,000 or more. 2. Departmental IT plans. 3. IT annual budget priorities, including support of Departmental
IT plans. 4. An information technology replacement component that is
consistent with the standards and policies specified in sections 6A through 6E.
11C. Funding for IT will be included in the budgets of: 1. Individual Departments for Departmental specific IT projects. 2. Information Technology for countywide IT projects. 3. Designated lead Department for multi-Departmental IT projects.
rev 11/00 Page 11
-
Washoe County Information Technology Policy Manual
Section 6 - Data Policy
The County will administer data in accordance with common standards in order to enable access to the data by the public and so that the data can be shared across organizational lines to meet program needs, with the appropriate levels of security and privacy. In doing so, the County will provide and centrally manage a common data access mechanism, ensure that data will be acquired only as necessary for Departmental operations and assign responsibility for data collection, maintenance and accuracy, data definition, accessibility and security consistent with the Countys standard data management technology.
Procedures Administration of Data
12A. The County, through IT, provides and centrally manages a
common data access mechanism. Access is provided according to the following stages: 1. Inventory all Departmental systems. 2. Publish a data dictionary with the source and definitions of
data elements that are of Countywide value, and each data element classified as open access or restricted.
3. Document a logical model of Countywide data, which serves a well-defined County business purpose. The model includes common data definitions and relationships.
4. Establish standard common access tools for workstations to access and analyze data, regardless of it location.
12B. Data will be acquired only as necessary for Departmental operations.
12C. Departments are responsible for: 1. Data collection, maintenance and accuracy. 2. Data definition, accessibility and security consistent with the
Countys standard data management technology. Consideration of Countywide access and governance practices must be included in Department systems.
3. Opportunities to share information between Departments and to avoid redundant data management shall be considered subject to privacy and confidentiality requirements.
4. Security and integrity of their data. 12D. Data storage and access is consistent with the Countys security
plan and protocols. 12E. Departments are permitted access to other Departments data that
is available for general distribution as allowable by law. Access to classified data is to be approved by the Department that is responsible for the data.
12F. Data to be shared by Department users or organizations as well as critical user data must be stored on a defined sharable resource, which is backed-up daily.
12G. Non-critical user data is stored on the users local drive to
Page 12 rev 11/00
-
Washoe County Information Technology Policy Manual
conserve network storage. 12H. Large volumes of static data are stored on high capacity storage
medium. 12I. Full disk backups to network servers by users must be scheduled
with IT. 12J. Data to be used by a County department that is shared by or
generated by an outside agency, should meet all requirements in this section, including security and integrity. IT should be notified of information shared with outside agencies.
Access by the Public to
Electronically Stored Information
13A. Public access to the Countys electronically stored information may be by means of web technology.
13B. All legally permissible information that is stored electronically may be made available to the public with Department approval.
13C. Open access to information must be balanced with the rights to individual privacy and confidentiality.
13D. Prior to classifying information under open access, a review will be performed by the Department to determine if a single or multiple pieces of data, when combined, would form a whole picture which could result in a violation of privacy and confidentiality requirements. This review should take into consideration data which could jeopardize personal security such as medical records, building plans/burglar alarms, insurance information, juror information, witness protection, personnel records, social security numbers, concealed weapon permits and social services information. It is encouraged that Departments who have questions or need further information consult with ITAC or the District Attorneys Office as appropriate.
13E. Electronic access to public record information shall not compromise the security and integrity of databases, computer systems and networks.
Security
14A. ITAC, with the assistance of ITSC, is responsible for developing
and maintaining the Countys acceptable use, standard practice and security policies as enumerated by the Washoe County Standards and Procedures for Information Technology manual. These policies and standards include, but are not limited to: 1. County Departments are responsible for the security of their
information technology, such as: a. Physical security of their workstations and file servers. b. Ensuring workstations are logged off of the network while
unattended. c. Defining security requirements for their data. d. Use of passwords and protection of their passwords. e. Security and backup of data stored on their local drives
and file servers.
rev 11/00 Page 13
-
Washoe County Information Technology Policy Manual
2. IT is responsible for the security of Countywide information technology, such as: a. Physical security of file servers located in the data center. b. Backup of file server data located in the data center. c. Setting up file and directory access rights base on the
Department's security requirements. 14B. Departments will adhere to acceptable use, standard practice and
security policies, which will be confirmed by a Computer Security Memorandum of Agreement as shown in the Washoe County Standards and Procedures for Information Technology manual.
14C. IT will appoint an Information Security Officer who is responsible for Countywide IT security.
14D. Departments will provide training to employees on information security and designate at least one Departmental employee to be responsible for IT security.
Page 14 rev 11/00
-
Washoe County Information Technology Policy Manual
Appendix A Roles and Responsibilities Matrix
Page 16 rev 11/00
Washoe CountyInformation Technology Policy ManualAdopted March 23, 1999 by theJoanne Bond, District 5Matt Beckstedt, Director, Information Technology DepartmentGary Beekman, Information TechnologyRobert Towery, Sheriffs OfficeJerry Walker, Information TechnologyCONTENTS
Section 1 - Introduction Section 2 - PurposePolicyProcedures
Section 3 - ResponsibilityPolicyProceduresOrganizational ResponsibilitiesMission Critical Applications and User SupportSystem Development, Operation and Maintenance
Section 4 - StandardsPolicyProceduresCountywide Applications and Workgroup Productivity ToolsType of Information Technology Systems that can be Acquired or BuiltChanges in County Information Technology Make or Acquire DecisionsPurchase of Information TechnologySystem Development and Maintenance
Section 5 - BudgetingPolicyProceduresBase BudgetingStrategic Funding
Section 6 - DataPolicyProceduresAdministration of Data Access by the Public to Electronically Stored InformationSecurity
Appendix A Roles and Responsibilities Matrix